<?php

require_once('init.php');

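/**
 * Authenticate an admin user and establish the admin session.
 *
 * Looks up a users row matching the given user name and password digest.
 * For an active account the admin session keys are filled in, the last-visit
 * columns are updated and the browser is redirected to index.php. A disabled
 * account is redirected to login.php?err=lock. A failed lookup arms the
 * captcha requirement and redirects to login.php?err=user.
 *
 * @param string $username Value compared against user_name (the caller in this file passes encrypt() output).
 * @param string $password Value compared against user_pwd (the caller in this file passes md5() output).
 * @return void The request is terminated after the redirect header is sent.
 */
function adminLogin($username, $password) {
  global $db;

  // NOTE(review): both arguments are interpolated into the SQL text. That is
  // only safe while every caller passes values that cannot contain a quote;
  // md5() output qualifies, but encrypt() is not visible from this file.
  // If the $db wrapper offers bound parameters, use them for this lookup.
  $rez = $db->getOne("SELECT * FROM @_@users WHERE user_name='$username' AND user_pwd='$password'");

  if (!$rez) {
    // Arm the captcha with an unguessable placeholder. A fixed literal here
    // would let a client that never loads the captcha image submit that
    // literal as the answer. The captcha endpoint is presumably what replaces
    // this value with the real code - confirm against the Captcha class.
    if (function_exists('random_bytes')) {
      $nonce = bin2hex(random_bytes(16));
    }
    elseif (function_exists('openssl_random_pseudo_bytes')) {
      $nonce = bin2hex(openssl_random_pseudo_bytes(16));
    }
    else {
      // Last resort for runtimes without a CSPRNG; weaker than the branches above.
      $nonce = sha1(uniqid(session_id(), true) . microtime());
    }
    // The non-numeric prefix keeps a loose (==) comparison from treating the
    // placeholder as a number.
    $_SESSION['admin_vcode'] = 'pending-' . $nonce;
    header("Location: login.php?err=user\n");
    exit;
  }

  if ($rez['isactive'] == '0') {
    header("Location: login.php?err=lock\n");
    exit;
  }

  // Issue a fresh session id at the privilege change so an id planted before
  // login (session fixation) does not become an authenticated one.
  if (session_id() !== '') {
    session_regenerate_id(true);
  }

  // NOTE(review): the password digest is kept in the session. It is left in
  // place because other pages may read it; consider dropping it once that is
  // confirmed unnecessary.
  $_SESSION[AUTH.'_admin']['user_id']   = $rez['user_id'];
  $_SESSION[AUTH.'_admin']['user_name'] = $username;
  $_SESSION[AUTH.'_admin']['user_pwd']  = $password;
  $_SESSION[AUTH.'_admin']['user_rank'] = $rez['user_rank'];
  $_SESSION[AUTH.'_admin']['visitip']   = $rez['visitip'];
  $_SESSION[AUTH.'_admin']['lastvisit'] = date('Y-m-d H:i:s',$rez['lastvisit']);

  $lastvisit = time();
  $visitip   = get_ip();
  // get_ip() is defined elsewhere and may derive its value from
  // client-supplied headers (assumption - verify). Only a syntactically valid
  // address is allowed into the SQL text.
  if (filter_var($visitip, FILTER_VALIDATE_IP) === false) {
    $visitip = '';
  }
  // user_id is used unquoted in the statement, so force it to an integer.
  $userId = (int) $rez['user_id'];
  $db->query("UPDATE @_@users SET visitip='$visitip', lastvisit=$lastvisit  WHERE user_id=".$userId);

  unset($_SESSION['admin_vcode']);
  header("Location: index.php\n");
  exit;
}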

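// Request dispatcher for the login page: ?act=login checks the captcha (when
// one is armed in the session) and attempts a login, ?act=logout clears the
// admin session, ?act=vcode emits the captcha. Any other request falls through
// to the form below.
$act = (isset($_GET['act']) && is_string($_GET['act'])) ? $_GET['act'] : '';

if ($act === 'login') {
  // Missing or non-string (array) fields are treated as empty input instead
  // of being handed to encrypt()/md5() as-is.
  $postedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
  $postedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

  $username = encrypt($postedUser);
  // NOTE(review): an unsalted MD5 digest is a weak way to store passwords.
  // Moving to password_hash()/password_verify() requires migrating the stored
  // values, so it is flagged here rather than changed.
  $password = md5($postedPass);
  $vcode    = isset($_POST['vcode']) ? $_POST['vcode'] : null;

  if (isset($_SESSION['admin_vcode'])) {
    // Strict string comparison: loose == compares numeric-looking strings as
    // numbers, so values such as "0123" and "123" would be treated as equal.
    $vcodeMatches = is_string($vcode) && $vcode === (string) $_SESSION['admin_vcode'];
    if (!$vcodeMatches) {
      // NOTE(review): the expected code is not rotated on a mismatch, so the
      // same captcha can be guessed repeatedly - consider invalidating it here.
      header("Location: login.php?err=vcode\n");
      exit;
    }
  }

  adminLogin($username, $password);
  // adminLogin() has sent a redirect; do not render the form after it.
  exit;
}
elseif ($act === 'logout') {
  unset($_SESSION[AUTH.'_admin']);
  header("Location: login.php\n");
  exit;
}
elseif ($act === 'vcode') {
  // The array key must be quoted: a bare vcode is an undefined constant,
  // which raises an Error on PHP 8 and a notice/warning on older versions.
  C('Captcha', array('vcode'=>'admin_vcode'))->create();
  exit;
}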

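// Map the ?err= code set by the redirects above to the message shown in the
// form. Only these fixed strings ever reach $error_msg, so the request value
// itself is never echoed into the page.
$errCode = (isset($_GET['err']) && is_string($_GET['err'])) ? $_GET['err'] : '';

switch ($errCode) {
  case 'user':
    $error_msg = 'error: 用户或密码错误';
    break;
  case 'vcode':
    $error_msg = 'error: 验证码错误!';
    break;
  case 'lock':
    $error_msg = 'error: 用户已被禁用';
    break;
  default:
    // Absent, non-string or unknown codes show no message.
    $error_msg = '';
}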

?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
  <head>
    <title> Login </title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" >
    <style>
      <!--
      *{margin:0; padding:0;}
      img {border:0;}
      a:link {text-decoration:none;color:#09F;outline:none;blr:expression(this.onFocus=this.blur());}
      body {color:#666;font-family:"宋体", Arial;font-size:12px;background:#fff url(themes/bg_login.jpg) no-repeat scroll center 0;}
      li {list-style:none;line-height:32px;height:32px;}
      .blank {height:192px;clear:both;}
      .left {width:46%;float:left;text-align:right;}
      .right {width:48%;float:right;}
      .w160 {width:165px;}
      .w100 {width:100px;}
      .btn {background:url(themes/bg_button.gif) no-repeat;cursor:pointer;width:80px;height:20px;border:none;line-height:20px;}
      .red {color:#ee0000;}
      -->
    </style>
  </head>
  
  <body onload="javascript:document.form.username.focus();">
    <div class="blank"></div>
    <div class="left">
      
    </div>
    <div class="right">
      <form name="form" method="post" action="?act=login">
      <ul>
        <li><h3> 登陆后台管理系统 </h3></li>
        <li class="red"><?php echo $error_msg ?></li>
        <li> 管理员： <input name="username" class="w160" value="" maxlength="20" type="text" /></li>
        <li> 密　码： <input name="password" class="w160" value="" maxlength="32" type="password" /> <img src="themes/lock.gif"/></li>
        <?php if(isset($_SESSION['admin_vcode'])) { ?>
        <li> 验证码： <input name="vcode" class="w100" value="" maxlength="4" type="text" /> <img src="login.php?act=vcode" width="60" height="20"/></li>
        <?php } ?>
        <li style="padding-left:48px;">
          <input name="submit" value=" 登录 " class="btn" type="submit" /> 
          <input name="reset" value=" 清除 " class="btn" type="reset" />
        </li>        
      </ul>
      </form>
    </div>
  </body>
  
</html>
